Cybersecurity • 30th May 2019

8 Things to Include on Your Disaster Recovery Plan Checklist


Losing data is a company’s worst nightmare. Unfortunately, no one is immune as security breaches run rampant today.

You not only have to consider the effects of human interference, but also what could happen in the wake of a natural disaster. Wildfires, hurricanes and earthquakes are all natural occurrences that could knock out your data centers and erase pertinent information without a human ever touching a computer.

A comprehensive disaster recovery plan checklist is essential to getting a business back up and running following a disaster. In this blog, you’ll learn the goals of a disaster recovery plan and what to include on your checklist.

Disaster Recovery Plan Goals

Disaster recovery is meant to help your business stay ahead of problems that could result in a loss of data. According to the National Archives & Records Administration in Washington, 93 percent of companies that lose data access for 10 days or more due to a disaster file for bankruptcy within a year.

If you want to avoid financial loss, your disaster recovery strategy should provide the resources needed to:

  • Minimize risk. Before you create a disaster recovery plan, perform a risk assessment to uncover vulnerabilities in your current system.
  • Resume operations quickly. Your systems need to be available to you and your customers as soon as possible. Your plan should include solutions for accessing the system without needing physical access — such as a Software-as-a-Service (SaaS) platform and redundant data storage that can be accessed anywhere.
  • Maintain industry compliance. Depending on your industry, you likely have specific regulations to uphold. Your disaster recovery plan should reduce your risk of incurring penalties for failing to meet compliance obligations.
  • Address concerns of employees, owners and investors. Your disaster recovery plan should help business leaders, owners, employees and investors feel at ease knowing your company is secure. Write down the top concerns from each of these groups so you know which liabilities need to be addressed if a disaster occurs.

What Should You Include on Your Disaster Recovery Plan Checklist?

Here are eight key ingredients to include on your disaster recovery plan checklist:

1. Set Your Recovery Time Objective (RTO) and Recovery Point Objective (RPO)

The first thing you need to do is determine your RTO and RPO. These data points refer to:

The amount of time you need to recover all applications (RTO)
The age of the files that must be recovered for normal operations to resume (RPO)

Setting RTO and RPO goals requires input from multiple departments to best assess business needs.

Your RTO and RPO will help you determine what solutions are necessary to survive a disaster or a data breach and keep your data recovery costs low. They help you determine which hardware and software configurations you need to recover your workloads.

2. Take Inventory of Hardware and Software

Take a complete inventory of your hardware and software. Categorize each application in one of three buckets:

  • Critical applications you can’t do business without
  • Applications you will need to use within a day
  • Apps you won’t need for a few days or more

By defining your most critical applications, you’ll know which ones you need to prioritize in the event of a disaster. You should revisit this list once or twice a year as you install new apps or remove old ones.

Pro Tip: Make sure you have the vendor technical support information for each piece of hardware and application on hand so you can get back up and running fast.

3. Identify Personnel Roles

Beyond your software and hardware needs, you also need to outline the roles and responsibilities involved during a disaster recovery event. Duties range from making the decision to declare a disaster to contacting party-vendors.

Your disaster recovery plan should include a list of disaster recovery personnel with each person’s position, responsibilities and emergency contact information. Everyone from C-suite executives to help-desk reps has a role to play, and each person should understand their role in detail.

You should also have a list of back-up employees in case someone is on vacation or no longer available.

4. Choose Disaster Recovery Sites

Any good business continuity plan will also include using a disaster recovery site where all of your company’s essential data, assets and applications can be moved during a disaster. Whatever location you choose should be able to support your critical hardware and software.

Disaster recovery plans typically use three sites:

  • Hot sites, which act as a functional data center with hardware, software, personnel and customer data
  • Warm sites that allow access to critical applications (excluding customer data)
  • Cold sites where you can store IT systems and data, but that have no technology until your disaster recovery plan goes into effect

These sites should automatically perform backups and replicate workloads to speed up recovery.

5. Outline Response Procedures

Documenting your recovery strategy is the only way to guarantee your team will know what to do and where to start. Write down guidelines for everything, including:

  • Communication procedures for employees, media and customers
  • Data backup procedures, including a list of facilities and third-party solutions
  • Instructions for initiating a response strategy, including staff roles and critical activities
  • Post-disaster activities that should take place after operations are reestablished, such as contacting customers and vendors

You can’t be too detailed when it comes to documenting response procedures. The goal is to achieve full transparency and make sure each staff member understands the disaster recovery process from start to finish.

6. Identify Sensitive Documents and Data

Thinking beyond hardware and software, you also need a list of the essential documents and data that you cannot lose without disastrous effects. This includes sensitive information, such as Personally Identifiable Information (PII), and who will have access to that data in the event of a breach or disaster.

7. Create a Crisis Communication Plan

No matter the size of your company, you need a clear strategy for communicating with employees, vendors, suppliers and customers in the event of a disaster. As long as you keep customers and the media informed on the status of your data outage or breach, they will feel much better about how you’re handling the situation.

Larger companies should create a crisis management media kit for reporters and customers. Include a statement that your PR team can publish on your website and across social media platforms that includes a number to contact for more information and an estimate on when things will be back up and running.

8. Run Continuous Practice Tests to Ensure Your Plan Is Effective

The last thing you want is to have your disaster recovery plan fail in your time of need. Test your plan at least once or twice each year and look for red flags, such as failed backup hardware or a slow internet connection that can’t restore your data in time.

Any time you run through a practice test, you should also review your risk assessments, personnel lists and inventory to ensure everything is up to date.

Get Expert Disaster Recovery Planning Assistance From KMicro

Today, every company is likely to experience a natural disaster or human interference at one point or another. To keep your data protected, you need a foolproof disaster recovery plan.

Reach out to KMicro to learn more about how we can help you create an effective disaster recovery plan that will get you back up and running in no time.

Get started with